function execute()
{
global $login_customer_id, $messageStack, $oscTemplate;
$OSCOM_Db = Registry::get('Db');
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
$email_address = HTML::sanitize($_POST['email_address']);
$password = HTML::sanitize($_POST['password']);
// Check if email exists
$Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);
if ($Qcustomer->fetch() === false) {
$error = true;
} else {
// Check that password is good
if (!tep_validate_password($password, $Qcustomer->value('customers_password'))) {
$error = true;
} else {
// set $login_customer_id globally and perform post login code in catalog/login.php
$login_customer_id = $Qcustomer->valueInt('customers_id');
// migrate old hashed password to new phpass password
if (tep_password_type($Qcustomer->value('customers_password')) != 'phpass') {
$OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password)], ['customers_id' => $login_customer_id]);
}
}
}
}
if ($error == true) {
$messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
}
ob_start();
include DIR_WS_MODULES . 'content/' . $this->group . '/templates/login_form.php';
$template = ob_get_clean();
$oscTemplate->addContent($template, $this->group);
}
function _process()
{
global $messageStack, $osC_Database, $osC_Customer;
if (!isset($_POST['password_current']) || strlen(trim($_POST['password_current'])) < ACCOUNT_PASSWORD) {
$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (!isset($_POST['password_new']) || strlen(trim($_POST['password_new'])) < ACCOUNT_PASSWORD) {
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif (!isset($_POST['password_confirmation']) || trim($_POST['password_new']) != trim($_POST['password_confirmation'])) {
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($messageStack->size('account_password') === 0) {
$Qcheck = $osC_Database->query('select customers_password from :table_customers where customers_id = :customers_id');
$Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcheck->bindInt(':customers_id', $osC_Customer->id);
$Qcheck->execute();
if (tep_validate_password(trim($_POST['password_current']), $Qcheck->value('customers_password'))) {
$Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
$Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qupdate->bindValue(':customers_password', tep_encrypt_password(trim($_POST['password_new'])));
$Qupdate->bindInt(':customers_id', $osC_Customer->id);
$Qupdate->execute();
$Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_account_last_modified = now() where customers_info_id = :customers_info_id');
$Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO);
$Qupdate->bindInt(':customers_info_id', $osC_Customer->id);
$Qupdate->execute();
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
function execute()
{
global $sessiontoken, $login_customer_id, $messageStack, $oscTemplate;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $sessiontoken) {
$email_address = tep_db_prepare_input($_POST['email_address']);
$password = tep_db_prepare_input($_POST['password']);
// Check if email exists
$customer_query = tep_db_query("select customers_id, customers_password from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1");
if (!tep_db_num_rows($customer_query)) {
$error = true;
} else {
$customer = tep_db_fetch_array($customer_query);
// Check that password is good
if (!tep_validate_password($password, $customer['customers_password'])) {
$error = true;
} else {
// set $login_customer_id globally and perform post login code in catalog/login.php
$login_customer_id = (int) $customer['customers_id'];
// migrate old hashed password to new phpass password
if (tep_password_type($customer['customers_password']) != 'phpass') {
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $login_customer_id . "'");
}
}
}
}
if ($error == true) {
$messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
}
ob_start();
include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
$template = ob_get_clean();
$oscTemplate->addContent($template, $this->group);
}
http://www.osCmax.com
Copyright 2000 - 2011 osCmax
Released under the GNU General Public License
*/
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/login.php';
$current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES;
if ($_GET['action']) {
switch ($_GET['action']) {
case 'check_password':
$check_pass_query = tep_db_query("select admin_password as confirm_password from " . TABLE_ADMIN . " where admin_id = '" . $_POST['id_info'] . "'");
$check_pass = tep_db_fetch_array($check_pass_query);
// Check that password is good
if (!tep_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password'));
} else {
//$confirm = 'confirm_account';
tep_session_register('confirm_account');
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
}
break;
case 'save_account':
$admin_id = tep_db_prepare_input($_POST['id_info']);
$admin_email_address = tep_db_prepare_input($_POST['admin_email_address']);
$stored_email[] = 'NONE';
$hiddenPassword = '******';
$check_email_query = tep_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
while ($check_email = tep_db_fetch_array($check_email_query)) {
$stored_email[] = $check_email['admin_email_address'];
Released under the GNU General Public License
*/
require 'includes/application_top.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$username = tep_db_prepare_input($_POST['username']);
$password = tep_db_prepare_input($_POST['password']);
// Check if usename exists
$check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_username as login_username, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_username = '******'");
if (!tep_db_num_rows($check_admin_query)) {
//Added by PGM
tep_db_query("insert into " . TABLE_ADMIN_LOG . " values (NULL, '" . tep_db_input($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Username', now())");
$_GET['login'] = '******';
} else {
$check_admin = tep_db_fetch_array($check_admin_query);
// Check that password is good
if (!tep_validate_password($password, $check_admin['login_password'])) {
//Added by PGM
tep_db_query("insert into " . TABLE_ADMIN_LOG . " values (NULL, '" . tep_db_input($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Password', now())");
$_GET['login'] = '******';
} else {
if (tep_session_is_registered('password_forgotten')) {
tep_session_unregister('password_forgotten');
}
$login_id = $check_admin['login_id'];
$login_groups_id = $check_admin['login_groups_id'];
$login_username = $check_admin['login_username'];
$login_logdate = $check_admin['login_logdate'];
$login_lognum = $check_admin['login_lognum'];
$login_modified = $check_admin['login_modified'];
tep_session_register('login_id');
tep_session_register('login_groups_id');
$password_confirmation = tep_db_prepare_input($_POST['password_confirmation']);
$error = false;
if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('a_password', ENTRY_PASSWORD_CURRENT_ERROR);
} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_affiliate_query = tep_db_query("select affiliate_password from " . TABLE_AFFILIATE . " where affiliate_id = '" . (int) $affiliate_id . "'");
$check_affiliate = tep_db_fetch_array($check_affiliate_query);
if (tep_validate_password($password_current, $check_affiliate['affiliate_password'])) {
tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . (int) $affiliate_id . "'");
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
} else {
$error = true;
$messageStack->add('a_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_AFFILIATE_PASSWORD, '', 'SSL'));
$content = affiliate_password;
include bts_select('main');
// BTSv1.5
require DIR_WS_INCLUDES . 'application_bottom.php';
function checkout_login($email_address, $password, $pass_crypt)
{
global $error, $cart, $wishList;
global $customer_id;
global $customer_default_address_id;
global $customer_first_name;
global $customer_password;
global $customer_country_id;
global $customer_zone_id;
$email_address = tep_db_prepare_input($email_address);
$password = tep_db_prepare_input($password);
// Check if email exists
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
if (!tep_db_num_rows($check_customer_query)) {
$error = true;
} else {
$check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
if (isset($pass_crypt) ? $pass_crypt != $check_customer['customers_password'] : !tep_validate_password($password, $check_customer['customers_password'])) {
$error = true;
} else {
if (SESSION_RECREATE == 'True') {
tep_session_recreate();
}
$check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);
$customer_id = $check_customer['customers_id'];
$customer_default_address_id = $check_customer['customers_default_address_id'];
$customer_first_name = $check_customer['customers_firstname'];
$customer_password = $password;
$customer_country_id = $check_country['entry_country_id'];
$customer_zone_id = $check_country['entry_zone_id'];
tep_session_register('customer_id');
tep_session_register('customer_default_address_id');
tep_session_register('customer_first_name');
tep_session_register('customer_password');
tep_session_register('customer_country_id');
tep_session_register('customer_zone_id');
tep_session_unregister('referral_id');
//rmh referral
tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");
$cart->restore_contents();
$wishList->restore_wishlist();
}
}
}
if ($session_started == false) {
tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
}
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN;
$error = false;
if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
// Check if email exists
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
if (!tep_db_num_rows($check_customer_query)) {
$error = true;
} else {
$check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
if (!tep_validate_password($password, $check_customer['customers_password'])) {
$error = true;
} else {
if (SESSION_RECREATE == 'True') {
tep_session_recreate();
}
$check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);
$customer_id = $check_customer['customers_id'];
$customer_default_address_id = $check_customer['customers_default_address_id'];
$customer_first_name = $check_customer['customers_firstname'];
$customer_country_id = $check_country['entry_country_id'];
$customer_zone_id = $check_country['entry_zone_id'];
tep_session_register('customer_id');
tep_session_register('customer_default_address_id');
tep_session_register('customer_first_name');
function log_customer_in($email_address = '', $password = '')
{
global $cart;
$error = false;
$check_customer_query = tep_db_query("select customers_id, abo_id, customers_firstname, customers_password, customers_email_address, customers_username, customers_default_address_id, status, customers_group from customers where customers_email_address = '" . tep_db_input($email_address) . "' OR customers_username = '******'");
if (!tep_db_num_rows($check_customer_query)) {
$error = true;
} else {
$check_customer = tep_db_fetch_array($check_customer_query);
if (!tep_validate_password($password, $check_customer['customers_password'])) {
$error = true;
} else {
if ($check_customer['status'] == '0') {
$active_error = true;
} else {
if (SESSION_RECREATE == 'True') {
tep_session_recreate();
}
$check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);
global $customer_id, $abo_id, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id, $customer_group, $customers_email_address, $customers_username;
$customer_id = $check_customer['customers_id'];
$abo_id = $check_customer['abo_id'];
$customer_default_address_id = $check_customer['customers_default_address_id'];
$customer_first_name = $check_customer['customers_firstname'];
$customer_country_id = $check_country['entry_country_id'];
$customer_zone_id = $check_country['entry_zone_id'];
$customer_group = $check_customer['customers_group'];
$customers_email_address = $check_customer['customers_email_address'];
$customers_username = $check_customer['customers_username'];
tep_session_register('customer_id');
tep_session_register('abo_id');
tep_session_register('customer_default_address_id');
tep_session_register('customer_first_name');
tep_session_register('customer_country_id');
tep_session_register('customer_zone_id');
tep_session_register('customer_group');
tep_session_register('customers_email_address');
tep_session_register('customers_username');
/*autologin*/
$cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1));
$cookie_path = $cookie_url_array['path'];
if (ALLOW_AUTOLOGON == 'false' || $_POST['remember_me'] == '') {
setcookie("email_address", "", time() - 3600, $cookie_path);
// Delete email_address cookie
setcookie("password", "", time() - 3600, $cookie_path);
// Delete password cookie
} else {
setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
setcookie('password', $check_customer['customers_password'], time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
}
/*autologin*/
tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");
$cart->restore_contents();
/*FORUM*/
if (FORUM_ACTIVE == 'true' && FORUM_CROSS_LOGIN == 'true') {
$user->session_begin();
$auth->acl($user->data);
$get_forum_username_query = tep_db_query("SELECT username_clean FROM " . FORUM_DB_DATABASE . ".users WHERE user_email = '" . $_POST['email_address'] . "'");
$get_forum_username = tep_db_fetch_array($get_forum_username_query);
if ($_POST['remember_me'] == 'on') {
$remember = 'true';
} else {
$remember = 'false';
}
$auth->login($get_forum_username['username_clean'], $_POST['password'], $remember, 1, 0);
}
/*FORUM*/
}
}
}
if ($error == true) {
return Translate('Fout: er kon niet ingelogd worden met het ingegeven e-mailadres en wachtwoord. Gelieve opnieuw te proberen');
}
if ($active_error == true) {
return Translate('Uw account werd nog niet geactiveerd.');
}
return true;
}
function processAjaxLogin($emailAddress, $password)
{
global $cart, $customer_id, $onepage, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id, $sendto, $billto;
$error = false;
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($emailAddress) . "'");
if (!tep_db_num_rows($check_customer_query)) {
$error = true;
} else {
$check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
if (!tep_validate_password($password, $check_customer['customers_password'])) {
$error = true;
} else {
if (SESSION_RECREATE == 'True') {
tep_session_recreate();
}
$check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);
$customer_id = $check_customer['customers_id'];
$onepage['customer']['email_address'] = $check_customer['customers_email_address'];
$customer_default_address_id = $check_customer['customers_default_address_id'];
$customer_first_name = $check_customer['customers_firstname'];
$customer_country_id = $check_country['entry_country_id'];
$customer_zone_id = $check_country['entry_zone_id'];
$onepage['createAccount'] = false;
$sendto = $customer_default_address_id;
$billto = $customer_default_address_id;
$this->setDefaultSendTo();
$this->setDefaultBillTo();
if (!tep_session_is_registered('customer_default_address_id')) {
tep_session_register('customer_default_address_id');
}
if (!tep_session_is_registered('customer_first_name')) {
tep_session_register('customer_first_name');
}
if (!tep_session_is_registered('customer_country_id')) {
tep_session_register('customer_country_id');
}
if (!tep_session_is_registered('customer_zone_id')) {
tep_session_register('customer_zone_id');
}
if (!tep_session_is_registered('sendto')) {
tep_session_register('sendto');
}
if (!tep_session_is_registered('billto')) {
tep_session_register('billto');
}
if (!tep_session_is_registered('customer_id')) {
tep_session_register('customer_id');
}
tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");
// restore cart contents
$cart->restore_contents();
}
}
$json = '';
if ($error === false) {
$json .= '{
"success": "true",
"msg": "Loading your account info"
}';
} else {
$json .= '{
"success": "false",
"msg": "Authorization Failed"
}';
}
return $json;
}
$check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
// BOF PHONE ORDER
$checked = '';
// If $_POST(['action']) is set then lets check where they have come from
if (isset($_POST['action'])) {
$referrer = $_SERVER['HTTP_REFERER'];
// We should have the admin folder name in the $_POST vars
if (strpos($referrer, $_POST['admin']) !== false) {
$checked = 'pass';
} else {
$checked = 'fail';
}
}
//if (!tep_validate_password($password, $check_customer['customers_password'])) {
if (!tep_validate_password($password, $check_customer['customers_password']) && !isset($_POST['action'])) {
// Password does not match and customer did not come from admin
$error = true;
tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Password', now())");
} elseif (isset($_POST['action']) && $checked == 'fail') {
// Password does not match and customer looks like they came from admin but admin dir does not match - potential hack attempt
$error = true;
tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Hack Attempt', now())");
} else {
// Password matched or phone order via admin passed
//if (SESSION_RECREATE == 'True' && !isset($_POST['action'])) {
if ($checked == 'pass') {
tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Admin as Customer', now())");
} else {
tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Logged In', now())");
}
/**
* Test if an user is authentified
*/
function isAuthenticated()
{
if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$query = 'select user_password from ' . TABLE_ADMINISTRATORS . ' where user_name = "' . $username . '"';
$db_query = tep_db_query($query);
if (tep_db_num_rows($db_query) == 1) {
$result = tep_db_fetch_array($db_query);
if (tep_validate_password($password, $result['user_password'])) {
return true;
}
}
}
return false;
}
// Most of this file is changed or moved to BTS - Basic Template System - format.
// For adding in contribution or modification - parts of this file has been moved to: catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change).
// catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change).
// (Sub 'fallback' with your current template to see if there is a template specific file.)
require 'includes/application_top.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
$affiliate_username = tep_db_prepare_input($_POST['affiliate_username']);
$affiliate_password = tep_db_prepare_input($_POST['affiliate_password']);
// Check if username exists
$check_affiliate_query = tep_db_query("select affiliate_id, affiliate_firstname, affiliate_password, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . tep_db_input($affiliate_username) . "'");
if (!tep_db_num_rows($check_affiliate_query)) {
$_GET['login'] = '******';
} else {
$check_affiliate = tep_db_fetch_array($check_affiliate_query);
// Check that password is good
if (!tep_validate_password($affiliate_password, $check_affiliate['affiliate_password'])) {
$_GET['login'] = '******';
} else {
$affiliate_id = $check_affiliate['affiliate_id'];
tep_session_register('affiliate_id');
$date_now = date('Ymd');
tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_date_of_last_logon = now(), affiliate_number_of_logons = affiliate_number_of_logons + 1 where affiliate_id = '" . $affiliate_id . "'");
tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
}
}
}
require bts_select('language', FILENAME_AFFILIATE);
$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$content = CONTENT_AFFILIATE;
include bts_select('main');
// BTSv1.5
$partners_password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['partners_password_confirmation']);
$error = false;
if (strlen($partners_password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('header', ENTRY_PARTNER_PASSWORD_CURRENT_ERROR);
} elseif (strlen($partners_password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('header', ENTRY_PARTNER_PASSWORD_NEW_ERROR);
} elseif ($partners_password_new != $partners_password_confirmation) {
$error = true;
$messageStack->add('header', ENTRY_PARTNER_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_partner_query = tep_db_query("select partners_password from " . TABLE_PARTNERS . " where partners_id = '" . (int) $partner_id . "'");
$check_partner = tep_db_fetch_array($check_partner_query);
if (tep_validate_password($partners_password_current, $check_partner['partners_password']) || tep_not_null(ACCOUNT_UNIVERSAL_PASSWORD) && $partners_password_current == ACCOUNT_UNIVERSAL_PASSWORD) {
tep_db_query("update " . TABLE_PARTNERS . " set partners_password = '******', last_modified = now() where partners_id = '" . (int) $partner_id . "'");
$messageStack->add_session('header', SUCCESS_PARTNER_PASSWORD_UPDATED, 'success');
tep_redirect(tep_href_link(FILENAME_PARTNER, '', 'SSL'));
} else {
$error = true;
$messageStack->add('header', ERROR_PARTNER_CURRENT_PASSWORD_NOT_MATCHING);
}
}
break;
case 'logoff':
tep_session_unregister('partner_id');
tep_session_unregister('partner_name');
$messageStack->add_session('header', SUCCESS_PARTNER_LOGOFF, 'success');
tep_redirect(tep_href_link(FILENAME_PARTNER, '', 'SSL'));
break;
if ($osC_Session->is_started == false) {
tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
}
require DIR_WS_LANGUAGES . $osC_Session->value('language') . '/' . FILENAME_LOGIN;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process') {
// Check if email exists
$Qcheck = $osC_Database->query('select customers_id, customers_password from :table_customers where customers_email_address = :customers_email_address');
$Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
$Qcheck->bindValue(':customers_email_address', $_POST['email_address']);
$Qcheck->execute();
if ($Qcheck->numberOfRows() < 1) {
$error = true;
} else {
// Check that password is good
if (!tep_validate_password($_POST['password'], $Qcheck->value('customers_password'))) {
$error = true;
} else {
if (SERVICE_SESSION_REGENERATE_ID == 'True') {
$osC_Session->recreate();
}
$osC_Customer->setCustomerData($Qcheck->valueInt('customers_id'));
$Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = :customers_info_id');
$Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO);
$Qupdate->bindInt(':customers_info_id', $osC_Customer->id);
$Qupdate->execute();
// restore cart contents
$cart->restore_contents();
$navigation->remove_current_page();
if (sizeof($navigation->snapshot) > 0) {
$origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array($osC_Session->name)), $navigation->snapshot['mode']);
Copyright (c) 2007 osCommerce
Released under the GNU General Public License
*/
require 'includes/application_top.php';
require 'includes/functions/password_funcs.php';
$action = isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '';
if (tep_not_null($action)) {
switch ($action) {
case 'process':
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
$check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'");
if (tep_db_num_rows($check_query) == 1) {
$check = tep_db_fetch_array($check_query);
if (tep_validate_password($password, $check['user_password'])) {
tep_session_register('admin');
$admin = array('id' => $check['id'], 'username' => $check['user_name']);
if (tep_session_is_registered('redirect_origin')) {
$page = $redirect_origin['page'];
$get_string = '';
if (function_exists('http_build_query')) {
$get_string = http_build_query($redirect_origin['get']);
}
tep_session_unregister('redirect_origin');
tep_redirect(tep_href_link($page, $get_string));
} else {
tep_redirect(tep_href_link(FILENAME_DEFAULT));
}
}
}
/**
* If a native user tries log in with Amazon, prompt them to merge the accounts.
*
* @return bool
*/
private function renderMergePost()
{
$user_data = LoginWithAmazon_Tools::get_userdata();
$email = $user_data->email;
$password = isset($_POST['password']) ? $_POST['password'] : NULL;
if (empty($email)) {
return TRUE;
}
$cust_id = LoginWithAmazon_Tools::get_customer_id_by_email($email);
if (!$cust_id) {
return TRUE;
}
$password_hash = LoginWithAmazon_Tools::get_customer_password_hash_by_id($cust_id);
if (!LoginWithAmazon_Tools::is_amazon_user_any($cust_id)) {
global $messageStack;
$authenticated = tep_validate_password($password, $password_hash);
if ($authenticated) {
LoginWithAmazon_Tools::add_user_to_merge_table($cust_id);
LoginWithAmazon_Tools::login_user($cust_id);
tep_redirect(tep_href_link(FILENAME_ACCOUNT, LoginWithAmazon_Tools::MERGE_ACCOUNTS_SUCCESS . '=1'));
} else {
// Set an error message
$messageStack->add('login', MODULE_HEADER_TAGS_LOGINWITHAMAZON_MERGE_FAIL, 'error');
}
}
}
if (isset($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) {
$password_current = tep_db_prepare_input($HTTP_POST_VARS['password_current']);
$password_new = tep_db_prepare_input($HTTP_POST_VARS['password_new']);
$password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['password_confirmation']);
$error = false;
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$check_customer_query = tep_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'");
$check_customer = tep_db_fetch_array($check_customer_query);
if (tep_validate_password($password_current, $check_customer['customers_password'])) {
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'");
tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'");
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
} else {
$error = true;
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'template_top.php';
require 'includes/form_check.js.php';
?>
$password_current = HTML::sanitize($_POST['password_current']);
$password_new = HTML::sanitize($_POST['password_new']);
$password_confirmation = HTML::sanitize($_POST['password_confirmation']);
$error = false;
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
} elseif ($password_new != $password_confirmation) {
$error = true;
$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
}
if ($error == false) {
$Qcheck = $OSCOM_Db->prepare('select customers_password from :table_customers where customers_id = :customers_id');
$Qcheck->bindInt(':customers_id', $_SESSION['customer_id']);
$Qcheck->execute();
if (tep_validate_password($password_current, $Qcheck->value('customers_password'))) {
$OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password_new)], ['customers_id' => (int) $_SESSION['customer_id']]);
$OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => (int) $_SESSION['customer_id']]);
$messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
OSCOM::redirect('account.php', '', 'SSL');
} else {
$error = true;
$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
}
}
}
$breadcrumb->add(NAVBAR_TITLE_1, OSCOM::link('account.php', '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, OSCOM::link('account_password.php', '', 'SSL'));
require 'includes/template_top.php';
?>
function validateUser()
{
$this->username = $this->getNodeData(array('ACCESSREQUEST', 'ACCESSUSERID'), $this->arrOutput);
$this->password = $this->getNodeData(array('ACCESSREQUEST', 'ACCESSPASSWORD'), $this->arrOutput);
if (!$this->username || !$this->password) {
return $this->responseXML('10', SOAP_NO_USER_PW, 'error');
}
// validate user with db (call validation function)
$result = tep_db_query("select user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . $this->username . "'");
if (tep_db_num_rows($result) == 0) {
return $this->responseXML('11', SOAP_USER_NOT_FOUND, 'error');
}
$fields = tep_db_fetch_array($result);
if (!tep_validate_password($this->password, $fields['user_password'])) {
return $this->responseXML('12', SOAP_PASSWORD_NOT_FOUND, 'error');
}
return true;
// if both the username and password are correct
}
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
} elseif (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process') {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
// Check if email exists
$check_customer_query = tep_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_password, c.customers_email_address, c.customers_email_address_confirmed, c.customers_default_address_id, c.customers_type, c.customers_status, co.companies_name, co.companies_corporate from " . TABLE_CUSTOMERS . " c left join " . TABLE_COMPANIES . " co on (c.customers_id = co.customers_id) where c.customers_email_address = '" . tep_db_input($email_address) . "' and customers_is_dummy_account = '0'");
if (!tep_db_num_rows($check_customer_query)) {
$error = true;
$error_message = TEXT_ACCOUNT_DOESNT_EXIST_ERROR;
} else {
$check_customer = tep_db_fetch_array($check_customer_query);
if ($check_customer['customers_email_address_confirmed'] == '0') {
$error = true;
$error_message = sprintf(TEXT_ACCOUNT_NOT_CONFIRMED_ERROR, tep_href_link(FILENAME_LOGIN, 'action=repeat&email=' . urlencode($email_address), 'SSL'));
// Check that password is good
} elseif (tep_validate_password($password, $check_customer['customers_password']) || tep_not_null(ACCOUNT_UNIVERSAL_PASSWORD) && $password == ACCOUNT_UNIVERSAL_PASSWORD) {
$check_country_query = tep_db_query("(select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "' and entry_country_id in (select countries_id from " . TABLE_COUNTRIES . ")) union (select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id <> '" . (int) $check_customer['customers_default_address_id'] . "' and entry_country_id in (select countries_id from " . TABLE_COUNTRIES . ") order by address_book_id desc) order by '" . (int) $check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);
$customer_id = $check_customer['customers_id'];
$customer_type = $check_customer['customers_type'];
if (ACCOUNT_MIDDLE_NAME == 'true') {
list($customer_first_name, $customer_middle_name) = explode(' ', trim($check_customer['customers_firstname']));
} else {
$customer_first_name = $check_customer['customers_firstname'];
$customer_middle_name = '';
}
$customer_last_name = $check_customer['customers_lastname'];
$customer_status = $check_customer['customers_status'];
$customer_company = $check_customer['companies_name'];
$customer_corporate = $check_customer['companies_corporate'];
$customer_default_address_id = $check_country['address_book_id'];
